Hacker News | iloveponies's comments

As a degreeless high school dropout who works for a very large corporation, that's not the case. In a time where many are screaming about shortages in skilled IT people, mandating a degree is only going to narrow the already small pool of possible candidates down even further for no explicable gain. Many job advertisements I've seen will say "degree or relative experience", the latter being the key part here.


A degree is a proxy. A recruiter without specific knowledge cannot assess a developer's technical abilities in any meaningful way (even an extremely experienced developer can't reliably do so). The degree implies a school continuously assessed the individual abilities over the course of several years and found them acceptable enough to issue the degree. A degree offsets responsibility from the recruiter to the school/institution.


> offsets responsibility from the recruiter

Also from the potential hire himself. It's not that he sucks, his college didn't prepare him for this new role. It's not his lack of passion and really any deep interest in the craft, it's just that he had wrong lecturers, also most of them even weren't there to lecture most of the time, so what can you expect?

So now we can hire him and train him for a year or more, because without it he's completely useless, but that's ok, because he's just like we expect him to be. On the other hand, this one here who was willing to take all the responsibility for himself, who's eager to prove his actual skill doing useful things, he's too dangerous, because... What? Because he could actually end up doing something, and then we'd feel bad?

I'm not saying what you say is wrong, like in untrue, but I can't help but feel it's somehow unfair.

> a school continuously assessed the individual abilities over the course of several years

Yeah. Some abilities. That differs from person to person and from college to college, but these abilities may or may not be the ones you want to optimize for.


> but that's ok, because he's just like we expect him to be.

For large companies, predictability beats quality. Keep in mind strict business processes exist to defend organizations from incompetent workers, even at the cost of limiting competent ones. Incompetent workers are cheaper. Since the processes prevent competent ones from achieving outstanding results, there is an obvious incentive to hire only incompetent ones.

> I can't help but feel it's somehow unfair.

Not sure about fairness. I certainly don't like it.

> Yeah. Some abilities.

Those are the abilities large banks and insurance companies want. For the average non-technical manager, being able to consider developers as interchangeable cogs beats developers that are impossible for managers to characterize or predict.


What for? Apple discourages the use of OpenSSL[1] and instead uses their own open source library[2], which also has an API present inside of Cocoa and iOS.

1: https://developer.apple.com/library/mac/documentation/securi...

2: http://opensource.apple.com/source/Security/Security-55471/


I suspect mirror delay is less of an issue than you might perceive it to be. Many CPAN mirrors manage to stay within tens of seconds/no more than a minute from the main CPAN mirror that PAUSE publishes to.


Of course not. It's open source, nobody would do anything malicious right?


Also, I imagine the various regulations ISPs and hosting providers are obligated to inside the country - if customers can siphon off data that local officials disapprove of to another region easily, it puts Amazon in a difficult position.


Also it's bad for other sites. If China pulls off their Google antics on Amazon and blocks sites hosted by them, it's a large proportion of what we all use blocked inside China as casualties.

Hopefully it doesn't come to something like that.


On the flip side, Homakov personally has incredibly bad OPSEC practices which would make me think twice for using him. There's a correlation between what you pay and what you might get.


What do you even mean to have "incredibly bad OPSEC practices"? Without an explanation, your comment comes across as more unnecessary snark, which unfortunately isn't uncommon in threads that remark upon Homakov, or on HN in general.



I am not trying to hide my real name. If you need my ID just ask.


Yes, npm itself is the only reason why.


No, actual whistleblowers should be covering their own asses as much as possible with informed decisions and good opsec/infosec practices and not trusting anyone or anything else which includes the press. If a whistleblower's identity is exposed, it stands to reason media outlets have more to gain from the fallout.


It's far simpler to remove the need for passwords altogether, or at least minimise them, than to offset the liability against your employees using security software correctly.


2FA and VPNs are not exclusively the only way to secure things. X.509, bastion servers, airgaps that require physical access to a secure facility etc are also valid options, dependent on your systems and their configuration.


Granted, but an airgap would make working with some internal support tool a bit cumbersome :)

Bastion servers if properly firewalled might be OK for a short term solution. The concern there is if you allow unfettered ssh (for example) is someone watching for the inevitable brute-forcing that will ensue?


Mandatory SSH keys mitigate the brute forcing risk, and turn it into a nuisance. My employer presently has this arrangement and has done so for a while. Bastions only get you in the door: different entrances for different environments, users' keys are only propagated to the machines they need.


Roger that. I keep thinking of my customer support people as non-technical and for whom ssh keys, port forwarding & bastion hosts are way over their heads but your point is taken. There are other (cheaper!) ways to secure an internal network.


Disable login via password, install fail2ban to help with the extra overhead/traffic.


If you have ssh running anywhere, please disable password access. Use keys. It should come installed like that.
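
The advice in the comments above (disable password logins, require keys) can be checked against a server's configuration. The following is an added example, not part of any comment on this page: it audits `sshd_config` text using sshd's first-value-wins rule and flags `Match` blocks that re-enable passwords. The function names and the sample config are constructed for illustration, and `Include` files are not followed.

```python
import re

# Values the comments above recommend: keys only, no password-style logins.
WANT = {"passwordauthentication": "no",
        "kbdinteractiveauthentication": "no",   # can still prompt for a password via PAM
        "pubkeyauthentication": "yes"}
# Upstream OpenSSH default for all three keywords when absent from the file.
DEFAULTS = dict.fromkeys(WANT, "yes")
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
LINE = re.compile(r"\s*([A-Za-z]+)\s*(?:=\s*|\s+)(\S.*)$")

def parse(text):
    """Split config text into scopes: global first, then one per Match block."""
    scopes = [("global", {})]
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:                      # blank line or '#' comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            scopes.append(("Match " + value, {}))
            continue
        key = ALIASES.get(key, key)
        scopes[-1][1].setdefault(key, value.lower())   # sshd keeps the first value
    return scopes

def audit(text):
    """Return findings where password-style login is allowed or keys are off."""
    scopes = parse(text)
    base = {**DEFAULTS, **scopes[0][1]}
    findings = []
    for scope, settings in scopes:
        effective = {**base, **settings}
        for key, wanted in WANT.items():
            # In a Match block, report only what that block itself overrides.
            if effective[key] != wanted and (scope == "global" or key in settings):
                findings.append(f"{scope}: {key} = {effective[key]}")
    return findings

# Constructed sample: a duplicate keyword and a Match block that re-enables passwords.
SAMPLE = """\
#PasswordAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
```

Calling `audit(SAMPLE)` reports only the `Match` block; an empty config reports both password-style methods, because the upstream defaults leave them enabled.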

